Look up vulnerable packages by Package URL.

Purl pkg:rpm/redhat/servicemesh-grafana@6.4.3-11?arch=el8
Type rpm
Namespace redhat
Name servicemesh-grafana
Version 6.4.3-11
Qualifiers
arch el8
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-3cbb-ghjz-fyhn
vulnerability_id VCID-3cbb-ghjz-fyhn
summary
Cross-Site Scripting in serialize-javascript
Versions of `serialize-javascript` prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.


## Recommendation

Upgrade to version 2.1.1 or later.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16769.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16769.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16769
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61099
published_at 2026-04-21T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61021
published_at 2026-04-02T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.6105
published_at 2026-04-04T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.61016
published_at 2026-04-07T12:55:00Z
4
value 0.00406
scoring_system epss
scoring_elements 0.61064
published_at 2026-04-08T12:55:00Z
5
value 0.00406
scoring_system epss
scoring_elements 0.6108
published_at 2026-04-09T12:55:00Z
6
value 0.00406
scoring_system epss
scoring_elements 0.61101
published_at 2026-04-11T12:55:00Z
7
value 0.00406
scoring_system epss
scoring_elements 0.61087
published_at 2026-04-12T12:55:00Z
8
value 0.00406
scoring_system epss
scoring_elements 0.61068
published_at 2026-04-13T12:55:00Z
9
value 0.00406
scoring_system epss
scoring_elements 0.6111
published_at 2026-04-16T12:55:00Z
10
value 0.00406
scoring_system epss
scoring_elements 0.61116
published_at 2026-04-18T12:55:00Z
11
value 0.00406
scoring_system epss
scoring_elements 0.60945
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16769
2
reference_url https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
3
reference_url https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16769
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16769
5
reference_url https://www.npmjs.com/advisories/1426
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1426
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848092
reference_id 1848092
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848092
7
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
8
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
fixed_packages
aliases CVE-2019-16769, GHSA-h9rv-jmmf-4pgx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3cbb-ghjz-fyhn
1
url VCID-9s34-1nd8-f7ee
vulnerability_id VCID-9s34-1nd8-f7ee
summary
XML Entity Expansion and Improper Input Validation in Kubernetes API server
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.

### Specific Go Packages Affected
k8s.io/kubernetes/pkg/apiserver
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3239
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3239
1
reference_url https://access.redhat.com/errata/RHSA-2019:3811
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3811
2
reference_url https://access.redhat.com/errata/RHSA-2019:3905
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3905
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11253.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11253.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11253
reference_id
reference_type
scores
0
value 0.83793
scoring_system epss
scoring_elements 0.99291
published_at 2026-04-08T12:55:00Z
1
value 0.83793
scoring_system epss
scoring_elements 0.99296
published_at 2026-04-18T12:55:00Z
2
value 0.83793
scoring_system epss
scoring_elements 0.99295
published_at 2026-04-16T12:55:00Z
3
value 0.83793
scoring_system epss
scoring_elements 0.99294
published_at 2026-04-21T12:55:00Z
4
value 0.83793
scoring_system epss
scoring_elements 0.99293
published_at 2026-04-13T12:55:00Z
5
value 0.83793
scoring_system epss
scoring_elements 0.99292
published_at 2026-04-09T12:55:00Z
6
value 0.83793
scoring_system epss
scoring_elements 0.99285
published_at 2026-04-01T12:55:00Z
7
value 0.83793
scoring_system epss
scoring_elements 0.99286
published_at 2026-04-02T12:55:00Z
8
value 0.83793
scoring_system epss
scoring_elements 0.99288
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11253
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2
8
reference_url https://github.com/kubernetes/kubernetes/issues/83253
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/83253
9
reference_url https://github.com/kubernetes/kubernetes/pull/83261
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/pull/83261
10
reference_url https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs
11
reference_url https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11253
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11253
13
reference_url https://pkg.go.dev/vuln/GO-2022-0703
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0703
14
reference_url https://security.netapp.com/advisory/ntap-20191031-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191031-0006
15
reference_url https://security.netapp.com/advisory/ntap-20191031-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191031-0006/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1757701
reference_id 1757701
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1757701
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
21
reference_url https://access.redhat.com/errata/RHSA-2019:3132
reference_id RHSA-2019:3132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3132
22
reference_url https://access.redhat.com/errata/RHSA-2020:2795
reference_id RHSA-2020:2795
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2795
23
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
24
reference_url https://access.redhat.com/errata/RHSA-2020:2799
reference_id RHSA-2020:2799
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2799
25
reference_url https://access.redhat.com/errata/RHSA-2020:2861
reference_id RHSA-2020:2861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2861
26
reference_url https://access.redhat.com/errata/RHSA-2020:2863
reference_id RHSA-2020:2863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2863
27
reference_url https://access.redhat.com/errata/RHSA-2020:2870
reference_id RHSA-2020:2870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2870
28
reference_url https://access.redhat.com/errata/RHSA-2022:2183
reference_id RHSA-2022:2183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2183
fixed_packages
aliases CVE-2019-11253, GHSA-pmqp-h87c-mr78
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9s34-1nd8-f7ee
2
url VCID-drfs-tub9-zqgg
vulnerability_id VCID-drfs-tub9-zqgg
summary
Grafana XSS via the OpenTSDB datasource
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13430.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13430.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13430
reference_id
reference_type
scores
0
value 0.00403
scoring_system epss
scoring_elements 0.60729
published_at 2026-04-01T12:55:00Z
1
value 0.00403
scoring_system epss
scoring_elements 0.60881
published_at 2026-04-11T12:55:00Z
2
value 0.00403
scoring_system epss
scoring_elements 0.6086
published_at 2026-04-09T12:55:00Z
3
value 0.00403
scoring_system epss
scoring_elements 0.60844
published_at 2026-04-08T12:55:00Z
4
value 0.00403
scoring_system epss
scoring_elements 0.60795
published_at 2026-04-07T12:55:00Z
5
value 0.00403
scoring_system epss
scoring_elements 0.60831
published_at 2026-04-04T12:55:00Z
6
value 0.00403
scoring_system epss
scoring_elements 0.60802
published_at 2026-04-02T12:55:00Z
7
value 0.00403
scoring_system epss
scoring_elements 0.6088
published_at 2026-04-21T12:55:00Z
8
value 0.00403
scoring_system epss
scoring_elements 0.60896
published_at 2026-04-18T12:55:00Z
9
value 0.00403
scoring_system epss
scoring_elements 0.60892
published_at 2026-04-16T12:55:00Z
10
value 0.00403
scoring_system epss
scoring_elements 0.6085
published_at 2026-04-13T12:55:00Z
11
value 0.00403
scoring_system epss
scoring_elements 0.60868
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13430
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/advisories/GHSA-7m2x-qhrq-rp8h
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7m2x-qhrq-rp8h
4
reference_url https://github.com/grafana/grafana
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana
5
reference_url https://github.com/grafana/grafana/pull/24539
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana/pull/24539
6
reference_url https://github.com/grafana/grafana/releases/tag/v7.0.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana/releases/tag/v7.0.0
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13430
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13430
8
reference_url https://security.netapp.com/advisory/ntap-20200528-0003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200528-0003
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848108
reference_id 1848108
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848108
10
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
11
reference_url https://access.redhat.com/errata/RHSA-2020:2861
reference_id RHSA-2020:2861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2861
12
reference_url https://access.redhat.com/errata/RHSA-2020:4682
reference_id RHSA-2020:4682
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4682
fixed_packages
aliases CVE-2020-13430, GHSA-7m2x-qhrq-rp8h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drfs-tub9-zqgg
3
url VCID-ed2w-eexq-kuam
vulnerability_id VCID-ed2w-eexq-kuam
summary grafana: XSS annotation popup vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12052.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12052.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12052
reference_id
reference_type
scores
0
value 0.00716
scoring_system epss
scoring_elements 0.7233
published_at 2026-04-01T12:55:00Z
1
value 0.00716
scoring_system epss
scoring_elements 0.72336
published_at 2026-04-02T12:55:00Z
2
value 0.00716
scoring_system epss
scoring_elements 0.72355
published_at 2026-04-04T12:55:00Z
3
value 0.00716
scoring_system epss
scoring_elements 0.72331
published_at 2026-04-07T12:55:00Z
4
value 0.00716
scoring_system epss
scoring_elements 0.7237
published_at 2026-04-08T12:55:00Z
5
value 0.00716
scoring_system epss
scoring_elements 0.72383
published_at 2026-04-09T12:55:00Z
6
value 0.00716
scoring_system epss
scoring_elements 0.72406
published_at 2026-04-11T12:55:00Z
7
value 0.00716
scoring_system epss
scoring_elements 0.7239
published_at 2026-04-12T12:55:00Z
8
value 0.00716
scoring_system epss
scoring_elements 0.72377
published_at 2026-04-13T12:55:00Z
9
value 0.00716
scoring_system epss
scoring_elements 0.72419
published_at 2026-04-16T12:55:00Z
10
value 0.00716
scoring_system epss
scoring_elements 0.72428
published_at 2026-04-18T12:55:00Z
11
value 0.00716
scoring_system epss
scoring_elements 0.72416
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12052
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848089
reference_id 1848089
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848089
4
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
5
reference_url https://access.redhat.com/errata/RHSA-2020:2861
reference_id RHSA-2020:2861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2861
6
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
7
reference_url https://access.redhat.com/errata/RHSA-2020:4682
reference_id RHSA-2020:4682
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4682
fixed_packages
aliases CVE-2020-12052
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ed2w-eexq-kuam
4
url VCID-fph7-rrjp-uqa1
vulnerability_id VCID-fph7-rrjp-uqa1
summary
Grafana XSS in header column rename
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12245.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12245.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12245
reference_id
reference_type
scores
0
value 0.03189
scoring_system epss
scoring_elements 0.8697
published_at 2026-04-08T12:55:00Z
1
value 0.03189
scoring_system epss
scoring_elements 0.8695
published_at 2026-04-07T12:55:00Z
2
value 0.03189
scoring_system epss
scoring_elements 0.86957
published_at 2026-04-04T12:55:00Z
3
value 0.03189
scoring_system epss
scoring_elements 0.86938
published_at 2026-04-02T12:55:00Z
4
value 0.03189
scoring_system epss
scoring_elements 0.86928
published_at 2026-04-01T12:55:00Z
5
value 0.03189
scoring_system epss
scoring_elements 0.86999
published_at 2026-04-18T12:55:00Z
6
value 0.03189
scoring_system epss
scoring_elements 0.86995
published_at 2026-04-16T12:55:00Z
7
value 0.03189
scoring_system epss
scoring_elements 0.8698
published_at 2026-04-13T12:55:00Z
8
value 0.03189
scoring_system epss
scoring_elements 0.86986
published_at 2026-04-12T12:55:00Z
9
value 0.03189
scoring_system epss
scoring_elements 0.86991
published_at 2026-04-11T12:55:00Z
10
value 0.03189
scoring_system epss
scoring_elements 0.86978
published_at 2026-04-09T12:55:00Z
11
value 0.03189
scoring_system epss
scoring_elements 0.86997
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12245
6
reference_url https://community.grafana.com/t/release-notes-v6-7-x/27119
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://community.grafana.com/t/release-notes-v6-7-x/27119
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/grafana/grafana
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana
9
reference_url https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23
10
reference_url https://github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88e
11
reference_url https://github.com/grafana/grafana/pull/23816
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana/pull/23816
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12245
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12245
13
reference_url https://security.netapp.com/advisory/ntap-20200511-0001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200511-0001
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848643
reference_id 1848643
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848643
15
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
16
reference_url https://access.redhat.com/errata/RHSA-2020:2861
reference_id RHSA-2020:2861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2861
17
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
18
reference_url https://access.redhat.com/errata/RHSA-2020:4682
reference_id RHSA-2020:4682
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4682
fixed_packages
aliases CVE-2020-12245, GHSA-ccmg-w4xm-p28v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fph7-rrjp-uqa1
5
url VCID-gg1m-2vwq-euet
vulnerability_id VCID-gg1m-2vwq-euet
summary
Regular Expression Denial of Service in websocket-extensions (NPM package)
### Impact

The ReDoS flaw allows an attacker to exhaust the server's capacity to process
incoming requests by sending a WebSocket handshake request containing a header
of the following form:

    Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ...

That is, a header containing an unclosed string parameter value whose content is
a repeating two-byte sequence of a backslash and some other character. The
parser takes exponential time to reject this header as invalid, and this will
block the processing of any other work on the same thread. Thus if you are
running a single-threaded server, such a request can render your service
completely unavailable.

### Patches

Users should upgrade to version 0.1.4.

### Workarounds

There are no known work-arounds other than disabling any public-facing
WebSocket functionality you are operating.

### References

- https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions/
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7662.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7662.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7662
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53683
published_at 2026-04-21T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.537
published_at 2026-04-18T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.53696
published_at 2026-04-16T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.53658
published_at 2026-04-13T12:55:00Z
4
value 0.00304
scoring_system epss
scoring_elements 0.53675
published_at 2026-04-12T12:55:00Z
5
value 0.00304
scoring_system epss
scoring_elements 0.53573
published_at 2026-04-01T12:55:00Z
6
value 0.00304
scoring_system epss
scoring_elements 0.53643
published_at 2026-04-09T12:55:00Z
7
value 0.00304
scoring_system epss
scoring_elements 0.53645
published_at 2026-04-08T12:55:00Z
8
value 0.00304
scoring_system epss
scoring_elements 0.53593
published_at 2026-04-07T12:55:00Z
9
value 0.00304
scoring_system epss
scoring_elements 0.53624
published_at 2026-04-04T12:55:00Z
10
value 0.00304
scoring_system epss
scoring_elements 0.53596
published_at 2026-04-02T12:55:00Z
11
value 0.00304
scoring_system epss
scoring_elements 0.53692
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7662
2
reference_url https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions
3
reference_url https://github.com/faye/websocket-extensions-node
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faye/websocket-extensions-node
4
reference_url https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237
5
reference_url https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7662
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7662
7
reference_url https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1845982
reference_id 1845982
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1845982
9
reference_url https://github.com/advisories/GHSA-g78m-2chm-r7qv
reference_id GHSA-g78m-2chm-r7qv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g78m-2chm-r7qv
10
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
11
reference_url https://access.redhat.com/errata/RHSA-2020:2861
reference_id RHSA-2020:2861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2861
12
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
fixed_packages
aliases CVE-2020-7662, GHSA-g78m-2chm-r7qv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gg1m-2vwq-euet
6
url VCID-j6nn-jkc5-k3f6
vulnerability_id VCID-j6nn-jkc5-k3f6
summary
Server Side Request Forgery in Grafana
The avatar feature in Grafana (github.com/grafana/grafana/pkg/api/avatar) 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue that allows remote code execution. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html
4
reference_url http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13379.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13379.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13379
reference_id
reference_type
scores
0
value 0.92845
scoring_system epss
scoring_elements 0.99764
published_at 2026-04-01T12:55:00Z
1
value 0.92845
scoring_system epss
scoring_elements 0.99767
published_at 2026-04-21T12:55:00Z
2
value 0.92845
scoring_system epss
scoring_elements 0.99765
published_at 2026-04-13T12:55:00Z
3
value 0.92845
scoring_system epss
scoring_elements 0.99766
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13379
7
reference_url https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408
8
reference_url https://community.grafana.com/t/release-notes-v6-7-x/27119
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://community.grafana.com/t/release-notes-v6-7-x/27119
9
reference_url https://community.grafana.com/t/release-notes-v7-0-x/29381
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://community.grafana.com/t/release-notes-v7-0-x/29381
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/grafana/grafana/commit/ba953be95f0302c2ea80d23f1e5f2c1847365192
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana/commit/ba953be95f0302c2ea80d23f1e5f2c1847365192
12
reference_url https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix
13
reference_url https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4@%3Cdev.ambari.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2@%3Cdev.ambari.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd@%3Cissues.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd@%3Cissues.ambari.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da@%3Cissues.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da@%3Cissues.ambari.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d@%3Cdev.ambari.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820@%3Ccommits.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820@%3Ccommits.ambari.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13@%3Cissues.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13@%3Cissues.ambari.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31@%3Cdev.ambari.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ
27
reference_url https://mostwanted002.cf/post/grafanados
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mostwanted002.cf/post/grafanados
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13379
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13379
29
reference_url https://rhynorater.github.io/CVE-2020-13379-Write-Up
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rhynorater.github.io/CVE-2020-13379-Write-Up
30
reference_url https://security.netapp.com/advisory/ntap-20200608-0006
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200608-0006
31
reference_url https://www.exploit-db.com/exploits/48638
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/48638
32
reference_url http://www.openwall.com/lists/oss-security/2020/06/03/4
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/06/03/4
33
reference_url http://www.openwall.com/lists/oss-security/2020/06/09/2
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/06/09/2
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843640
reference_id 1843640
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843640
35
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48638.sh
reference_id CVE-2020-13379
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48638.sh
36
reference_url https://access.redhat.com/errata/RHSA-2020:2641
reference_id RHSA-2020:2641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2641
37
reference_url https://access.redhat.com/errata/RHSA-2020:2676
reference_id RHSA-2020:2676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2676
38
reference_url https://access.redhat.com/errata/RHSA-2020:2792
reference_id RHSA-2020:2792
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2792
39
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
40
reference_url https://access.redhat.com/errata/RHSA-2020:2861
reference_id RHSA-2020:2861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2861
41
reference_url https://access.redhat.com/errata/RHSA-2020:5599
reference_id RHSA-2020:5599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5599
42
reference_url https://access.redhat.com/errata/RHSA-2021:0083
reference_id RHSA-2021:0083
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0083
43
reference_url https://access.redhat.com/errata/RHSA-2021:1518
reference_id RHSA-2021:1518
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1518
fixed_packages
aliases CVE-2020-13379, GHSA-wc9w-wvq2-ffm9
risk_score 10.0
exploitability 2.0
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6nn-jkc5-k3f6
7
url VCID-k6ny-gfg9-8ugd
vulnerability_id VCID-k6ny-gfg9-8ugd
summary
Insecure serialization leading to RCE in serialize-javascript
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

An object such as `{"foo": /1"/, "bar": "a\"@__R-<UID>-0__@"}` was serialized as `{"foo": /1"/, "bar": "a\/1"/}`, which allows an attacker to escape the `bar` key. This requires the attacker to control the values of both `foo` and `bar` and guess the value of `<UID>`. The UID has a keyspace of approximately 4 billion, making it a realistic network attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7660.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7660.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7660
reference_id
reference_type
scores
0
value 0.02901
scoring_system epss
scoring_elements 0.86367
published_at 2026-04-21T12:55:00Z
1
value 0.02901
scoring_system epss
scoring_elements 0.86336
published_at 2026-04-08T12:55:00Z
2
value 0.02901
scoring_system epss
scoring_elements 0.86346
published_at 2026-04-09T12:55:00Z
3
value 0.02901
scoring_system epss
scoring_elements 0.8636
published_at 2026-04-11T12:55:00Z
4
value 0.02901
scoring_system epss
scoring_elements 0.86358
published_at 2026-04-12T12:55:00Z
5
value 0.02901
scoring_system epss
scoring_elements 0.86353
published_at 2026-04-13T12:55:00Z
6
value 0.02901
scoring_system epss
scoring_elements 0.86369
published_at 2026-04-16T12:55:00Z
7
value 0.02901
scoring_system epss
scoring_elements 0.86374
published_at 2026-04-18T12:55:00Z
8
value 0.02901
scoring_system epss
scoring_elements 0.8629
published_at 2026-04-01T12:55:00Z
9
value 0.02901
scoring_system epss
scoring_elements 0.86299
published_at 2026-04-02T12:55:00Z
10
value 0.02901
scoring_system epss
scoring_elements 0.86317
published_at 2026-04-04T12:55:00Z
11
value 0.02901
scoring_system epss
scoring_elements 0.86318
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7660
2
reference_url https://github.com/yahoo/serialize-javascript
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yahoo/serialize-javascript
3
reference_url https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7660
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7660
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1844228
reference_id 1844228
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1844228
6
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
7
reference_url https://access.redhat.com/errata/RHSA-2020:2861
reference_id RHSA-2020:2861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2861
fixed_packages
aliases CVE-2020-7660, GHSA-hxcc-f52p-wc94
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ny-gfg9-8ugd
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh-grafana@6.4.3-11%3Farch=el8